Microsoft Entra ID Configuration

Use this guide to configure Microsoft Entra ID in the Entra ID admin center to allow read and optional write access for SecureAuth Connect integration.

After you complete this configuration, you can integrate it with SecureAuth Connect.

Prerequisites

Before you begin, ensure you have:

  • Application Administrator account in Microsoft Entra ID
  • Administrative access to the Entra ID admin center

Set up admin privileges in Microsoft Entra ID

To grant access to users in Microsoft Entra ID, you assign Microsoft Entra roles. A role is a collection of permissions.

You will need a Microsoft Entra ID user account with an assigned role of Application administrator on the Directory scope.

To assign this role to a user:

  1. Log in to the Microsoft Entra ID admin center as at least a Privileged Role Administrator or Global Administrator.

  2. Go to the Microsoft Entra ID directory and from the left navigation, click Roles and administrators.

    Microsoft Entra ID Roles and administrators navigation

  3. Search for and select the Application Administrator role.

  4. Click Add assignments.

    Add assignments button for Application Administrator role

  5. In the left navigation, set the Scope type to Directory. Then, select a user as a member and click Next.

    Set scope type to Directory and select user

  6. Set the Assignment type to Active, enter the justification, and click Assign.

    Set assignment type to Active and provide justification

Process

To configure Microsoft Entra ID for SecureAuth Connect in the Entra ID admin center, complete these tasks:

Task A: Register an application for SecureAuth Connect

To integrate Microsoft Entra ID with SecureAuth Connect, you need to register an application in the Entra ID admin center.

  1. Log in to your Entra ID Account through the Entra ID admin center.

  2. Select Microsoft Entra ID.

  3. Select App registrations and click New registration.

    App registrations page with New registration button

  4. Set a Name and keep the default Supported account types setting, which is a single tenant.

    Register an application form with name and account type settings

  5. Click Register.

Task B: Add API permissions for SecureAuth Connect

Grant read and write permissions for the SecureAuth Connect API calls to Microsoft Entra ID.

  1. From the App registrations list, click the name of the registered app that you just created.

  2. In the left pane, click API Permissions. Then, click Add a permission.

    API Permissions page with Add a permission button

  3. Select Microsoft Graph.

    Request API permissions page showing Microsoft Graph option

  4. Click Delegated permissions. Scroll down to find and select the following check boxes:

    • Directory.AccessAsUser.All
    • Directory.Read.All
    • Group.Read.All
    • User.Read
    • User.Read.All

    Delegated permissions selection showing required permissions

  5. After selecting delegated permissions, scroll to the bottom of the page and click Add permissions.

  6. Click Add a permission again and select Microsoft Graph.

  7. Click Application permissions. Scroll down to find and select the following check boxes:

    • Directory.Read.All
    • Group.Read.All
    • User.Read.All

    Application permissions selection showing required permissions

  8. After selecting application permissions, scroll to the bottom of the page and click Add permissions.

  9. Verify the permissions you added and click Grant admin consent.

    Configured API permissions with Grant admin consent button

Task C: Create the client secret

Create an application secret key for the SecureAuth Connect connection to Microsoft Entra ID. You will need to provide this client secret when configuring the connection in SecureAuth Connect.

  1. From the left pane, click Certificates & secrets. Then, click New client secret.

    Certificates & secrets page with New client secret button

  2. Enter a description and set expiration to 24 months. Then, click Add.

    Add a client secret form with description and expiration settings

  3. Copy the client secret Value before the system masks it when you leave the page.

    Note: You will need this client secret value when configuring the connection in SecureAuth Connect.

    Client secret created with value to copy

  4. From the left pane for this app registration, click Authentication.

  5. In the Advanced settings section, select Yes.

    Authentication page Advanced settings with Yes selected

  6. Save your changes.

Task D: Get registered application information

For the SecureAuth Connect side of the configuration, copy and note these two values: Application (client) ID and Directory (tenant) ID.

  1. Select Microsoft Entra ID.

  2. Select App registrations.

  3. From the list, click the application name link.

  4. In the Overview section, copy these values:

    Note: You will need these values for the SecureAuth Connect configuration.

    • Application (client) ID
    • Directory (tenant) ID

    App registration Overview page showing Application ID and Directory ID

Next steps

After completing the configuration steps in your Microsoft Entra ID admin center, proceed to Connect Microsoft Entra ID in SecureAuth Connect.

To complete this step in the SecureAuth Connect admin console, gather these values:

  • Directory Tenant ID - Your Microsoft Entra tenant ID
  • Client ID - The application (client) ID from your Microsoft Entra ID app registration
  • Client Secret - The client secret associated with your Microsoft Entra ID application
  • Entra ID Tenant Domain - Your verified domain, such as company.onmicrosoft.com
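
To check the result of Tasks B through D, the following added example (not part of the SecureAuth guide or product) decodes an access token issued to the registered app and compares its tid, appid/azp and granted permissions against the values in this guide. The token, tenant ID and client ID are constructed placeholders, and it assumes a Microsoft Graph token requested with the default scope lists every consented permission in its roles or scp claim.

```python
import base64
import json

# Permission names from Task B of this guide.
APP_ROLES = {"Directory.Read.All", "Group.Read.All", "User.Read.All"}
DELEGATED = APP_ROLES | {"Directory.AccessAsUser.All", "User.Read"}
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}  # not Graph permissions


def decode_claims(jwt):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(jwt, tenant_id, client_id):
    """Return a list of findings; an empty list means the token matches the guide."""
    claims = decode_claims(jwt)
    findings = []
    if claims.get("tid", "").lower() != tenant_id.lower():
        findings.append("tid does not match Directory (tenant) ID")
    # v1.0 tokens name the client in 'appid', v2.0 tokens in 'azp'.
    if (claims.get("appid") or claims.get("azp") or "").lower() != client_id.lower():
        findings.append("appid/azp does not match Application (client) ID")
    if "scp" in claims:  # delegated token: space-separated scope string
        granted, expected = set(claims["scp"].split()) - OIDC_SCOPES, DELEGATED
    else:  # app-only token: list of application permissions
        granted, expected = set(claims.get("roles", [])), APP_ROLES
    findings += [f"extra permission: {p}" for p in sorted(granted - expected)]
    findings += [f"missing permission: {p}" for p in sorted(expected - granted)]
    return findings


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


# Constructed placeholder IDs, not real tenant or application values.
TENANT = "11111111-1111-1111-1111-111111111111"
CLIENT = "22222222-2222-2222-2222-222222222222"

if __name__ == "__main__":
    over = {"tid": TENANT, "appid": CLIENT,
            "roles": sorted(APP_ROLES | {"Directory.ReadWrite.All"})}
    print(audit_token(make_sample_token(over), TENANT, CLIENT))
```

An "extra permission" finding means the app registration holds more Microsoft Graph access than this guide asks for and should be reviewed before the client secret is handed to SecureAuth Connect.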